2 * {- join("\n * ", @autowarntext) -}
4 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
5 * Copyright Nokia 2007-2019
6 * Copyright Siemens AG 2015-2019
8 * Licensed under the Apache License 2.0 (the "License"). You may not use
9 * this file except in compliance with the License. You can obtain a copy
10 * in the file LICENSE in the source distribution or at
11 * https://www.openssl.org/source/license.html
13 * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb.
17 use OpenSSL::stackhash qw(generate_stack_macros);
20 #ifndef OPENSSL_CRMF_H
21 # define OPENSSL_CRMF_H
23 # include <openssl/opensslconf.h>
25 # ifndef OPENSSL_NO_CRMF
26 # include <openssl/opensslv.h>
27 # include <openssl/safestack.h>
28 # include <openssl/crmferr.h>
29 # include <openssl/x509v3.h> /* for GENERAL_NAME etc. */
31 /* explicit #includes not strictly needed since implied by the above: */
32 # include <openssl/types.h>
33 # include <openssl/x509.h>
/*
 * Selector values for the POPOPrivKey alternatives and, after them, for the
 * SubsequentMessage variants. The names appear to mirror the ASN.1 of
 * RFC 4211 (the RFC named in this file's header) -- confirm against the
 * ASN.1 templates in the implementation.
 * NOTE(review): RFC 4211 marks thisMessage and dhMAC as deprecated, and
 * subsequentMessage defers the proof of possession to a later exchange, so a
 * request carrying it is not by itself evidence that the sender holds the
 * private key -- verify how the calling code treats these cases.
 */
39 # define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE 0
40 # define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE 1
41 # define OSSL_CRMF_POPOPRIVKEY_DHMAC 2
42 # define OSSL_CRMF_POPOPRIVKEY_AGREEMAC 3
43 # define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY 4
45 # define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0
46 # define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1
/*
 * Type declarations for the CRMF structures. Only the typedef names are
 * visible in this listing, not the struct layouts, so code using this header
 * works through the accessor functions declared further down.
 * DECLARE_ASN1_FUNCTIONS / DECLARE_ASN1_DUP_FUNCTION are defined in another
 * header; NOTE(review): in OpenSSL they conventionally declare the
 * new/free/d2i/i2d (and dup) functions for the named type -- confirm.
 * generate_stack_macros(...) is a call into the Perl module pulled in by the
 * 'use OpenSSL::stackhash' line of this template, not C code.
 * Security note: objects of these types that were decoded from data sent by
 * a peer hold untrusted content; optional fields may be absent, so check
 * accessor results for NULL before dereferencing them.
 */
48 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
49 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
50 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
51 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
52 DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)
54 generate_stack_macros("OSSL_CRMF_MSG");
56 typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
57 typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
58 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
59 typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;
60 typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST;
61 typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID;
62 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
63 DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)
65 generate_stack_macros("OSSL_CRMF_CERTID");
68 typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO;
69 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
70 typedef struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO;
71 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
72 typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE;
73 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
74 typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS;
75 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)
77 typedef struct ossl_crmf_optionalvalidity_st OSSL_CRMF_OPTIONALVALIDITY;
/*
 * PBM helpers (PBMParameter / password-based MAC in RFC 4211 terms).
 *
 * OSSL_CRMF_pbmp_new: returns an OSSL_CRMF_PBMPARAMETER pointer; judging by
 * the parameter names it is built from a salt length (slen), an OWF NID
 * (owfnid) and an iteration count (itercnt).
 * NOTE(review): listing line 82, which ends this prototype, is missing from
 * this copy, so the parameter list shown here is incomplete.
 * Security note: slen and itercnt determine how costly it is to guess the
 * shared secret offline from a captured message; this header shows no
 * minimum or maximum for either -- confirm what the implementation enforces.
 */
80 OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen,
81 int owfnid, size_t itercnt,
/*
 * OSSL_CRMF_pbm_new: takes PBM parameters (pbmp), a message (msg, msglen)
 * and a secret (sec, seclen) and reports a MAC through the out-parameters
 * mac and maclen. The meaning of the int return value is not shown here.
 * NOTE(review): presumably *mac is allocated by the callee and owned by the
 * caller afterwards -- confirm and free accordingly.
 * Security notes for callers:
 *  - pbmp may have been decoded from a received message, in which case the
 *    peer picked the iteration count; confirm the implementation caps it so
 *    that an oversized value cannot tie up the CPU.
 *  - When checking a received MAC against *mac, compare the lengths first
 *    and use a constant-time comparison such as CRYPTO_memcmp().
 *  - sec is the shared secret; clear caller-side copies (OPENSSL_cleanse())
 *    once they are no longer needed.
 */
83 int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
84 const OSSL_CRMF_PBMPARAMETER *pbmp,
85 const unsigned char *msg, size_t msglen,
86 const unsigned char *sec, size_t seclen,
87 unsigned char **mac, size_t *maclen);
/*
 * Accessors for the registration controls (regCtrl), the publication info
 * and the registration info (regInfo) of an OSSL_CRMF_MSG.
 * Ownership, by OpenSSL naming convention (confirm per function in the
 * documentation): set1 leaves the argument with the caller, set0/push0 hand
 * the argument over to the target on success, and get0 returns a pointer
 * into msg that the caller must not free and must not use after msg has
 * been freed. Getting this wrong leads to double frees or use-after-free.
 * NOTE(review): several prototypes below lack their first or last line
 * because listing lines 92, 96, 98, 110, 117, 121 and 128 are missing from
 * this copy; a prototype starting with '*' has lost its return-type line.
 * Security note: per RFC 4211, regToken and authenticator carry values the
 * CA uses to identify the requester; handle them as credentials and keep
 * them out of logs and error messages -- confirm against deployment policy.
 */
90 int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
91 const ASN1_UTF8STRING *tok);
93 *OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg);
94 int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
95 const ASN1_UTF8STRING *auth);
97 *OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg);
99 OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
100 OSSL_CRMF_SINGLEPUBINFO *spi);
/* Publication method selectors; presumably the values of 'method' below. */
101 # define OSSL_CRMF_PUB_METHOD_DONTCARE 0
102 # define OSSL_CRMF_PUB_METHOD_X500 1
103 # define OSSL_CRMF_PUB_METHOD_WEB 2
104 # define OSSL_CRMF_PUB_METHOD_LDAP 3
105 int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
106 int method, GENERAL_NAME *nm);
/*
 * Publication action selectors; presumably the action argument of
 * OSSL_CRMF_MSG_set_PKIPublicationInfo_action(), whose parameter line is
 * missing from this copy -- confirm.
 */
107 # define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0
108 # define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1
109 int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
111 int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
112 const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
113 OSSL_CRMF_PKIPUBLICATIONINFO
114 *OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg);
115 int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
116 const X509_PUBKEY *pubkey);
118 *OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg);
119 int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
120 const OSSL_CRMF_CERTID *cid);
122 *OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg);
123 OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
124 const ASN1_INTEGER *serial);
126 int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
127 const ASN1_UTF8STRING *utf8pairs);
129 *OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg);
130 int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
131 const OSSL_CRMF_CERTREQUEST *cr);
132 OSSL_CRMF_CERTREQUEST
133 *OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg);
/*
 * Setters and a getter for the requested validity, the certReqId and the
 * requested extensions of a CRMF message (crm).
 * By OpenSSL naming convention set0/push0 take over the passed object on
 * success, so the caller must not free it afterwards but still owns it if
 * the call fails -- confirm per function; mistakes here lead to double
 * frees or leaks. The meaning of the int return values, including how
 * OSSL_CRMF_MSG_get_certReqId() reports an error, is not shown here.
 */
135 int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
136 ASN1_TIME *notBefore, ASN1_TIME *notAfter);
137 int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
138 int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);
139 int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);
141 int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);
/*
 * Proof-of-possession (POPO) method selectors; presumably the values
 * accepted as 'meth' by OSSL_CRMF_MSG_create_popo() below -- confirm.
 * Security note: with NONE no POPO is included, and raVerified is, as
 * defined by RFC 4211, an assertion by the RA rather than a proof carried in
 * the message. Neither gives the recipient cryptographic evidence that the
 * requester controls the private key, so a CA should require a cryptographic
 * method unless the request comes from an authenticated RA that it trusts to
 * have checked possession.
 */
142 # define OSSL_CRMF_POPO_NONE -1
143 # define OSSL_CRMF_POPO_RAVERIFIED 0
144 # define OSSL_CRMF_POPO_SIGNATURE 1
145 # define OSSL_CRMF_POPO_KEYENC 2
146 # define OSSL_CRMF_POPO_KEYAGREE 3
/*
 * OSSL_CRMF_MSG_create_popo: takes the method (meth), the message (crm), a
 * key (pkey) and a digest; presumably pkey is the requester's private key
 * and digest the hash used when meth is OSSL_CRMF_POPO_SIGNATURE -- confirm.
 * libctx and propq are passed through for algorithm fetching (assumption).
 */
147 int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm,
148 EVP_PKEY *pkey, const EVP_MD *digest,
149 OSSL_LIB_CTX *libctx, const char *propq);
/*
 * OSSL_CRMF_MSGS_verify_popo: checks the POPO of one request out of reqs;
 * rid presumably selects that request by its certReqId -- confirm.
 * NOTE(review): acceptRAVerified presumably makes a raVerified POPO pass
 * without any cryptographic check. Keep it 0 unless the sender has been
 * authenticated as a trusted RA, and confirm the exact semantics in the
 * implementation. The success value of the int result is not shown here;
 * callers should test for it explicitly and reject the request otherwise.
 */
150 int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
151 int rid, int acceptRAVerified,
152 OSSL_LIB_CTX *libctx, const char *propq);
/*
 * Read access to the certificate template and certificate ID of a request,
 * a helper that fills a template, and extraction of a certificate from an
 * OSSL_CRMF_ENCRYPTEDVALUE.
 * NOTE(review): the prototypes starting with '*' have lost their return-type
 * line (listing lines 154, 156, 158, 160, 162, 164 and 171 are missing from
 * this copy); line 167 inside OSSL_CRMF_CERTTEMPLATE_fill and the lines
 * after 173 that end OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert are missing too.
 * By OpenSSL naming convention get0 returns a pointer owned by the parent
 * object (do not free it, do not use it after the parent is freed) and get1
 * returns an object the caller must free -- confirm per function. Absent
 * optional fields presumably yield NULL; check before use.
 * Security note (CA/RA side): everything read from a received template --
 * subject, issuer, serial number, extensions -- is requester-supplied. Apply
 * issuance policy to it (for example which subject names and extensions the
 * authenticated requester may ask for) rather than copying it into a
 * certificate as-is.
 */
153 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
155 *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
157 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
159 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
161 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
163 *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
165 *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
166 int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
168 const X509_NAME *subject,
169 const X509_NAME *issuer,
170 const ASN1_INTEGER *serial);
172 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
173 OSSL_LIB_CTX *libctx, const char *propq,
179 # endif /* !defined(OPENSSL_NO_CRMF) */
180 #endif /* !defined(OPENSSL_CRMF_H) */